5G Security: Developing a Common Approach to 5G Security, at the forefront of 5G Innovation. Part 2

continuation from Part 1 posted on August 21st, 2019 ......

A lot of countries were asking what are the general principles that should be apply to improve the security and networks. There is a way to adapt a set of bare principles to secure 5G technology. Czech Republic hosted the Prague 5G Security Conference in May 2019. Government officials from more than 30 countries across the globe, alongside representatives from the European Union, the North Atlantic Treaty Organization, and industry, participated in discussions regarding the important national security, economic, and commercial considerations that must be part of each country’s evaluation of 5G vendors. Attendees also discussed that important considerations in 5G network architecture include the security of supply chains for telecommunications networks and infrastructure and the risks associated with vendors vulnerable to third country influence. One particular that is very important is talking about the legal system and ability of 3rd country to influence a particular vendor.

What we need is a risk based security approach to 5G networks and as part of that we look very closely at the supply chain. 5G is going to put the vendor in privilege position of being able to update those networks with massive amount of software, software patching and firmware updates on a very regular basis so that puts the vendors a very powerful position.

How are the Europeans responding to this?

The first country in Europe to come up with a set of principles was the European Union EU itself. European Union Commission announced set of principles in late of March 2019. This included a provision to say 'to look at the vendor country, the Countries where the vendor located, and its model of the governance, and the ability of the country to influence a vendor'. That was the kind of initial movement by the European Union to look into these. Germany came up with a set of principles for valuing to securing their networks, including the ability of the vendor to abide by the data protection laws that apply in Germany. Since then, European Union ask all the member states to do a national assessment of the security issues with regards in telecom networks and support to be submitted to Brussels in July this year. The next steps are whether to be a European wide assessment of security and then to develop recommendations by end of the year on securing the 5G networks.

What do you think the time-line on this for the European?

The aim to reach a conclusion or recommendation by the end of this year. A number of options start to take in place. We can see a number of diversification in how different countries approach the issue within the European Union. We continue to see evolution of principles over time. We see a number of countries talking about technical aspects of 5G, looking at 5G security authentication, who have the access, how the networks are architected to be more secure, looking at the ability of having patches on regular basis.

When we go to other countries, particularly outside of Europe, they do not aware there is alternatives to buy what they could use 5G technologies. People don’t know there is more than one company.

International Telecommunication Union (ITU), where do they fit in 5G discussion?

International Telecommunication Union (ITU) over the years responsible for ensuring interoperability across borders for telecommunications, and ITU involved in number of data topics now. ITU established in 2012 a standard that specification need to be meet in order to be properly defined as 5G compliant ,called it that as ‘2020 proposal for 5G’. When the private sector process for 3GPPP projects (Third Generation Private Public Partnership Project) results in having Release 16 this year when results in its final set standard of specifications, this have to meet standards layout by ITU in 2012 to perform certain level to meet as 5G compliant. ITU play a very important role establishing standards there, helps assign frequency bands, and uses for frequency. Once every 4 years there is a major conference by ITU, called the World Radiocommunication Commission conferences for assigning spectrum bands, that helps harmonize globally the releases of spectrum. This is happening October this year.

What would you need more innovation in 5G, how can we drive innovation in those areas?

In RAN space, take a look at the radio, with 4G the digital part of the radio separated from the RF part of the radio, and the RF part of the radio are on the top with the antennas. Now with 5G, the radio is getting evolved a bit more, the RF part of the radio is integrating with the antennas, we don’t have a separate antennas. We don’t have a separate antennas and radio anymore. It is quite integrated and advanced in terms of massive MIMO, millimeter wave. And it is really interesting in what happens on digital part of radio at the base of the tower. The digital part splits into two pieces, and it is also being virtualized so it is become clarified. There is no longer dedicated electronic hardware there. There are software on servers for the digital radios, and it is broken into two pieces. One part of the digital radio will be near the telecom tower performing high speed processing. The other part of the digital radio move back into the network tower towards the core, to perform the slower speed processing. And that architecture is enabling a lot these interfaces capabilities like edge computing. So, there is an opportunity with 5G to have new vendors in perpetualize RAN space with the virtualized digital radio and with advanced radio and antenna technologies.

Do you think that adopting Open Standards, Interoperability, Virtualizing the Network; will that make more difficult for BIG competitor to compete in this market, or they are in well position as other vendors to compete?

I certainly think they are BIG enough, have enough of cash to maneuver in that space, the challenge will be Operators to move away from buying monolithic boxes that do all the functionality, too much of de-segregated the network will unleash more competition. It’s not a magic solution, it will take a lots of work. There are other issues need to be dealt with, like interoperability, open standards issues, but also the transparency in how the deals are structured, I do think that can help build the market, so that everyone can compete in this space.

How can we get more start up activity in the 5G technology space, what can we do to generate more start up activity?

If we look at the requirement from these businesses, they sit very near to the radio access network. How do we leverage these two together? These requirements are taking orchestration, from the software and the enterprises, an orchestration from the network provider, they need to combine or leverage somehow. Because if you have orchestration from an enterprise, from the network, how can they leverage each other. I think there is a lot of innovation that are starting to happen now, from the RAN all the way up to the Core, and on to the data center. So, in standardizing these startups and in standardizing that people who will deploy like network providers, in standardizing to deploy with startups, because that process itself can be long time in coming.

Spectrum, Availability, Streamlining Permits for Small Cell Sites. What needs to be done in order to issue some specific policy recommendations on how the government can approach this to accelerate the deployment of 5G?

There are different things when you talk about smart cities, smart hospitals, or different types of consumers walking into those facilities, and all kinds of workers. So, the ability to have multiple operators in the same facility is going to be an area of innovation as well. From a small cell sites, a standard principle should be adopted, from a reasonable ecstatic solution for what a small cell site would look like in an area. Right now, we develop a nice package, and you go to every municipality, that needs different specific requirement. If you can develop one standard profile, that could be regulated to help with that process for standardization, will go long way rather than to be in different customization.

The key point is that there is going to be difference here from what we see in consumer space & recognizing that there requires some new flexibility for enterprises. Making sure the needs of the enterprises, what type of slices that can work well for them, whether there is a need or not some specialized services that are focused on particular segments of industry, and the type of slices that might go along with that. There may be some need for new ways of sharing spectrum and there may be some freedom of giving license spectrum for enterprises for their use inside those spaces.

As we think about the possibilities of 5G, how the inter roles going to be in our lifestyles, what are the other areas that we can think about reducing risk & security, such as hardening the systems against electromagnetic weapons. How can these be addressed going forward?

Obviously a lot attention paid to 5G security itself. There are multiple security issues, but there is an effort underway by Standards Body at 3GPPP SA3 focused entirely on Security Standards for 5G deployments. Basically taking lessons learned from LTE, 4G, 3G etc , taking the Security in the Standard itself. How that can be applied to drones for example and those types of technologies. There are additional security layered on top of that for drones. The 3GPP Standards is really about the network, how to secure the network, but at the device side you really need additional security protection (on the individual device as well).

And part of the technology, we put in things like secure on place, as you onboard the device, as the device gets on boarded, there is a secure device onboarding and that happens throughout the network. So, you know that is the right device that has the right identification, that has the right capabilities before any data gets transmitted across, so those security assets are coming to the network and as well to the edge computing. As we bring more power to the edge network, we add more visibility on control (as we bring more computing to the edge network).

One of the big things in edge computing is that as operator, a lot of security tools that we use in the core network, then are push to the edge. Hence, we can start to do monitoring, we can start looking at flows, and we can identify things that happens closer to the user. There are a lot things happening with 5G, a push on the Core infrastructure to the end users. It’s about changing the network architecture model, hence we could change the game in security infrastructure, a lot work is underway.